Alert - Petya Ransomware Propagation

28. June 2017

The National CERT of the Republic of Serbia (SRB-CERT) informs and warns all computer users about the rapid propagation of the new ransomware attack named Petya.

This type of malware prevents the user from accessing and using computer files. It is a serious global threat which has already affected computer systems in many countries.

The attack is very similar to the WannaCry virus attack, which caused significant damage throughout the world in May this year.

Users are advised not to open e-mail messages and attachments received from unknown senders. These precautionary measures apply to unknown links and chat messages as well.

It is recommended to update operating systems and antivirus software on a regular basis and to create backups of all important computer data, in order to minimize the harmful effects caused by this type of attack.

Besides urgent upgrading, protection can be accomplished by disabling the SMBv1 (Server Message Block) protocol for data sharing, by applying the patch for CVE-2017-0199 (https://portal.msrc.microsoft.com/en-US/security-guidance) and by blocking remote WMI access. In order to close TCP ports 135 and 445, PSEXEC.EXE can additionally be blocked.
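The following PowerShell script is an added example, not SRB-CERT code. It reports whether SMBv1 is enabled and whether TCP ports 135 and 445 are listening or already covered by an inbound block rule, and applies the mitigations only when started with `-Remediate`. The `-Remediate` switch name, the firewall rule display name and the English-language WMI rule group name are assumptions of this example.

```powershell
# Added example, not SRB-CERT code. Run from an elevated PowerShell session
# on Windows 8.1 / Server 2012 R2 or later (the cmdlets below require it).
param([switch]$Remediate)   # switch name chosen for this example

$ports = '135', '445'       # the TCP ports named in the alert

# 1. SMBv1: server-side setting and the optional Windows feature
$smb1Server  = (Get-SmbServerConfiguration).EnableSMB1Protocol
$smb1Feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
                   -ErrorAction SilentlyContinue

# 2. Is anything on this host listening on those ports?
$listening = @(Get-NetTCPConnection -State Listen -LocalPort $ports `
                   -ErrorAction SilentlyContinue |
               Select-Object -ExpandProperty LocalPort -Unique)

# 3. Enabled inbound block rules naming those ports
#    (exact port matches only; port ranges in a rule are not expanded)
$blocked = @(Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True |
             Get-NetFirewallPortFilter |
             Where-Object { $_.Protocol -eq 'TCP' } |
             ForEach-Object { $_.LocalPort } |
             Where-Object { $ports -contains $_ } |
             Select-Object -Unique)

[pscustomobject]@{
    SMB1ServerEnabled = $smb1Server
    SMB1FeatureState  = if ($smb1Feature) { $smb1Feature.State } else { 'n/a' }
    ListeningPorts    = $listening -join ','
    InboundBlockRules = $blocked -join ','
} | Format-List

if ($Remediate) {
    # Caveat: blocking inbound 135/445 stops file sharing and remote
    # management to this host. Do not apply as-is to file servers or
    # domain controllers.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart |
        Out-Null
    New-NetFirewallRule -DisplayName 'Block inbound TCP 135,445 (example rule)' `
        -Direction Inbound -Protocol TCP -LocalPort 135, 445 -Action Block |
        Out-Null
    # Built-in WMI allow rules; group name as shown on English-language Windows
    Disable-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)'
}
```

Run it once without arguments to record the current state, and again after remediation to confirm that SMBv1 is off and the block rule is listed. Removing the SMB1Protocol feature takes full effect after a restart.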

Users are also advised NOT TO pay the requested ransom amount since the attackers are unable to retrieve data exposed to the Petya virus. This ransomware uses the following contact address: wowsmith12345@posteo.net.

(http://thehackernews.com/2017/06/petya-ransomware-attack.html)
